Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using TestLogServer for Web Security Troubleshooting : Running TestLogServer
Running TestLogServer
Topic 50331 | Websense Web Security Solutions | Version 7.7, 7.8 | Updated 19-Sept-2013
Applies To:
Websense Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7, 7.8
In order to screen log traffic with TestLogServer without interrupting the flow of log records to Log Server, first launch the utility using parameters that forward all traffic to Log Server, then use TRITON - Web Security to configure Filtering Service to pass log traffic to TestLogServer.
1.
On Log Server machine, open a command prompt (Start > Run > cmd) and navigate to the Websense bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin, by default).
2.
Start the TestLogServer utility with the following parameters. (For a complete list of available parameters, see TestLogServer parameters.)
testlogserver -port 5555 -forward <IP address>:55805
*
Provide the IP address of the Log Server machine. If port 5555 is in use, you can use any available port.
*
If you are running TestLogServer in a production environment at a time of normal or higher traffic loads, you may want to use one or both of the following additional parameters:
-file <filename.txt>
-onlyip <IP address>
The first parameter allows you to redirect traffic to a file for review, rather than having it scroll rapidly across the console. The file is created by default in the Websense bin directory.
The second parameter allows you to monitor traffic only from the IP address specified.
Initially, when the utility launches, no traffic appears. Now you can redirect traffic to TestLogServer.
3.
Log on to TRITON - Web Security, and navigate to the Settings > General > Logging page.
4.
Make sure that the Log Server IP address is correct. This should be the actual IP address of the Log Server machine, and not the loopback address (127.0.0.1), even if Log Server and TRITON - Web Security are installed on the same machine.
5.
Change the port to 5555 (or the value you've selected).
6.
Click Check Status to verify the connection to TestLogServer.
7.
Click OK and then Save and Deploy.
8.
Review the captured data. See Understanding TestLogServer output for help in parsing the data.
*
If you are in a test environment, or performing this test at a low-traffic period, generate traffic from specific machines while monitoring TestLogServer to verify that the traffic appears.
*
If you are using the tool in a production environment while normal traffic flow is occurring, and the data is coming too rapidly to process, review step 2 for options for redirecting output or capturing traffic only for a specific machine.
9.
When you are finished, first return to the Settings > General > Logging screen in TRITON - Web Security, and change the logging port back to its original value (55805, by default). Remember to click OK and Save and Deploy to cache and then implement your change.
At this point, traffic is sent directly to Log Server and stops appearing in TestLogServer.
10.
In the command window where TestLogServer is running, press Ctrl+C to stop the utility.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using TestLogServer for Web Security Troubleshooting : Running TestLogServer
Copyright 2016 Forcepoint LLC. All rights reserved.